CVE-2023-53244
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish When the driver calls tw68_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a empty buffer buf->cpu. Later when we free the buffer or access the buffer, null ptr deref is triggered. This bug is similar to the following one: https://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71. We believe the bug can be also dynamically triggered from user side. Similarly, we fix this by checking the return value of tw68_risc_buffer() and the value of buf->cpu before buffer free.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-03
Generated
2026-06-16
AI Q&A
2025-09-15
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53244
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel to 5.15.113 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.30 (exc)
linux linux_kernel From 6.2 (inc) to 6.3.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a null pointer dereference bug in the Linux kernel's tw68 media PCI driver. When the driver tries to prepare a buffer using the function tw68_risc_buffer(), the call to dma_alloc_coherent may fail, resulting in an empty buffer (buf->cpu is null). Later, when the driver frees or accesses this buffer, it triggers a null pointer dereference, which can cause a crash or other unintended behavior. The issue can potentially be triggered dynamically from the user side. The fix involves checking the return value of tw68_risc_buffer() and verifying buf->cpu before freeing the buffer.

Impact Analysis

This vulnerability can cause the Linux kernel to crash or behave unexpectedly due to a null pointer dereference in the tw68 driver. This may lead to denial of service or system instability if exploited, potentially affecting system availability.

Mitigation Strategies

Update the Linux kernel to a version that includes the fix for the tw68 driver null pointer dereference bug. The fix involves checking the return value of tw68_risc_buffer() and the value of buf->cpu before freeing the buffer, preventing the null pointer dereference. Until the update is applied, avoid using the affected tw68 driver to prevent triggering the bug.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53244. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart